|Disclaimer: The purpose of these questions is to review the content of todays lecture. The questions have been posted by students from the course and are not entirely reviewed.|
Responsible for today's questions are:
|Team 22||Marc Blomberg, Nadine Guenther, Sebastian Hofmann-Werther |
|Team 23||Karin Gellner, Jan Hoener-zu-Drewer, Sevinc Alici|
|Team 24||Joerg Brandstetter, Volker Ikenmeyer, Anche Mueer|
Question 1: 5.17 Security Architectures
Which of the following mail delivery options are considered security options?
A) Return Receipt.
C) Delivery report.
Question 2: 5.18 Security Architectures
Fill in the blank in the following sentence about encryption:
The RSA algorithm is based on encryption key pairs. One is the private key, and one is the
Question 3: 5.19 Security Architectures
Execution Control List (ECL)
The Excecution Control List restricts code execution in the Notes Client. Once restricted code is to be executed, an execution security alert dialog box is raised. Which information does the dialog box provide?
A) The validated electronic signature of the user that signed the code that is to be executed.
B) The date and time when the code has been signed.
C) The specific action the code is requesting to perform.
D) The user right of the signer granted in the ACL of the current database.
Question 4: 5.20 Security Architectures
Execution Control List (ECL)
The Excecution Control List restricts code execution in the Notes Client. Once restricted code is to be executed, an execution security alert dialog box is raised. Which actions can be performed in the dialog box?
A) "Do not execute the action" prevents the code from being executed.
B) "Execute the action this one time" executes the code one time. No changes to the ECL will be performed.
C) "Never execute the action" assures that the specific code will never be executed. To ensure execution restriction without execution security alerts, the signer added to the code deny list of the ECL.
D) "Start trusting the signer to execute this action" executes the code from now on. To ensure execution without execution security alerts, the signer will be granted additional rights in the users ECL.
Question 5: 5.21 Security Architectures
The RSA algorithm uses two keys. What are the advantages of this technique?
A) If the user loses one key, the other one can still be used.
B) A secret encryption key does not have to be securely transferred to the communication partner. The private key can be distributed in a signed EMail without any security breaches.
C) It assures higher security, because all mails are encrypted twice.
D) A secret encryption key does not have to be securely transferred to the communication partner. The public key can be publically distributed without any security breaches.
Question 6: 5.22 Security Architectures
Peter generates a symmetric secret encryption key named "ManagementMarketing" that is stored in his Notes ID file. He wants Linda to be able to read the content of documents encrypted with "ManagementMarketing". If he sends the key to Linda, she can decrypt documents encrypted with this key. How can Peter prevent Linda from giving the secret encryption key to unauthorized people?
A) He should only give the key to people he can trust, as the key can be forwarded via Email or exported from the Notes ID.
B) He can tell the Notes Client to make the key usable for a number of times. If the number is set to 5, the key will be deleted from Lindas Notes ID automatically
C) Before mailing or exporting the key, he can restrict the recipients right to forward the key in the "Secret Encrytion Key Restrictions" - dialog box. By default, it is not allowed to forward the key.
D) Mails that contain a secret encryption key can only be sent encrypted. The key itself will be encrypted, which ensures that a forwarded key is useless to any other user than the intended person.
Question 7: 5.23 Security Architectures
Fill in the blank in the following sentence about certificates:
Electronic certificates are used to authenticate users. Certificates are issued by a
. This institution is sepsonsible to verify the identy of the user requesting the certificate, e. g. by checking the ID-card